mirror of
https://github.com/we-promise/sure.git
synced 2026-05-08 13:14:58 +00:00
e93b1f1fd7
* feat(api): expose family settings * test(api): assert family settings moniker * test(api): align family settings api key helper * fix(api): tighten family settings schema
85 lines
2.5 KiB
Ruby
85 lines
2.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "test_helper"
|
|
|
|
class Api::V1::FamilySettingsControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
@user = users(:family_admin)
|
|
@family = @user.family
|
|
@family.update!(
|
|
currency: "SGD",
|
|
enabled_currencies: [ "USD" ],
|
|
locale: "en",
|
|
date_format: "%Y-%m-%d",
|
|
country: "SG",
|
|
timezone: "Asia/Singapore",
|
|
month_start_day: 15,
|
|
moniker: "Family",
|
|
default_account_sharing: "private"
|
|
)
|
|
|
|
@user.api_keys.active.destroy_all
|
|
@api_key = ApiKey.create!(
|
|
user: @user,
|
|
name: "Test Read Key",
|
|
scopes: [ "read" ],
|
|
source: "web",
|
|
display_key: "test_read_#{SecureRandom.hex(8)}"
|
|
)
|
|
Redis.new.del("api_rate_limit:#{@api_key.id}")
|
|
end
|
|
|
|
test "shows current family settings snapshot" do
|
|
get api_v1_family_settings_url, headers: api_headers(@api_key)
|
|
|
|
assert_response :success
|
|
response_body = JSON.parse(response.body)
|
|
|
|
assert_equal @family.id, response_body["id"]
|
|
assert_equal @family.name, response_body["name"]
|
|
assert_equal "SGD", response_body["currency"]
|
|
assert_equal "en", response_body["locale"]
|
|
assert_equal "%Y-%m-%d", response_body["date_format"]
|
|
assert_equal "SG", response_body["country"]
|
|
assert_equal "Asia/Singapore", response_body["timezone"]
|
|
assert_equal 15, response_body["month_start_day"]
|
|
assert_equal "Family", response_body["moniker"]
|
|
assert_equal "private", response_body["default_account_sharing"]
|
|
assert_equal true, response_body["custom_enabled_currencies"]
|
|
assert_equal @family.enabled_currency_codes, response_body["enabled_currencies"]
|
|
assert_equal @family.created_at.iso8601, response_body["created_at"]
|
|
assert_equal @family.updated_at.iso8601, response_body["updated_at"]
|
|
assert_not response_body.key?("stripe_customer_id")
|
|
assert_not response_body.key?("vector_store_id")
|
|
end
|
|
|
|
test "requires authentication" do
|
|
get api_v1_family_settings_url
|
|
|
|
assert_response :unauthorized
|
|
end
|
|
|
|
test "requires read scope" do
|
|
api_key_without_read = ApiKey.new(
|
|
user: @user,
|
|
name: "No Read Key",
|
|
scopes: [],
|
|
source: "web",
|
|
display_key: "no_read_#{SecureRandom.hex(8)}"
|
|
)
|
|
api_key_without_read.save!(validate: false)
|
|
|
|
get api_v1_family_settings_url, headers: api_headers(api_key_without_read)
|
|
|
|
assert_response :forbidden
|
|
ensure
|
|
api_key_without_read&.destroy
|
|
end
|
|
|
|
private
|
|
|
|
def api_headers(api_key)
|
|
{ "X-Api-Key" => api_key.plain_key }
|
|
end
|
|
end
|